Aggregator
Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic
A critical vulnerability (CVE-2025-6031) has been identified in Amazon Cloud Cam devices, which reached end-of-life (EOL) status in December 2022. The flaw allows attackers to bypass SSL pinning during device pairing, enabling man-in-the-middle (MitM) attacks and network traffic manipulation. Technical Analysis SSL Pinning Bypass Mechanism The Cloud Cam’s deprecated service infrastructure forces the device into […]
The post Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms
Safepay
One unknown hacker paralyzed the cultural life of a nation of 52 million
New GitHub Device Code Phishing Attacks Targeting Developers to Steal Tokens
Cybersecurity researchers have identified a sophisticated new phishing campaign that exploits GitHub’s OAuth2 device authorization flow to compromise developer accounts and steal authentication tokens. This emerging threat represents a significant evolution in social engineering tactics, leveraging legitimate GitHub functionality to bypass traditional security measures and gain unauthorized access to source code repositories, CI/CD pipelines, and […]
The post New GitHub Device Code Phishing Attacks Targeting Developers to Steal Tokens appeared first on Cyber Security News.
Cached screenshots on Windows 11
HashiCorp Nomad Vulnerability Allows Privilege Escalation via ACL Policy Lookup Exploit
A significant security vulnerability in the HashiCorp Nomad workload orchestrator allows attackers to escalate privileges by exploiting the Access Control List (ACL) policy lookup mechanism. The vulnerability, tracked as CVE-2025-4922, affects both Community and Enterprise editions of Nomad across multiple versions and poses a serious risk to organizations relying on the platform’s security controls. The […]
The post HashiCorp Nomad Vulnerability Allows Privilege Escalation via ACL Policy Lookup Exploit appeared first on Cyber Security News.
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe. The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe exposed by the ACCSvc.exe service. Acer has released patched versions (4.00.3058+) to address […]
The post Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
New TokenBreak Attack Bypasses AI Models with Just a Single Character Change
A critical vulnerability allows attackers to bypass AI-powered content moderation systems using minimal text modifications. The “TokenBreak” attack demonstrates how adding a single character to specific words can fool protective models while preserving the malicious intent for target systems, exposing a fundamental weakness in current AI security implementations. Simple Character Manipulation HiddenLayer reports that […]
The post New TokenBreak Attack Bypasses AI Models with Just a Single Character Change appeared first on Cyber Security News.
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
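【安全圈】Erie Insurance confirms cyberattack that disrupted its business operations
【安全圈】#Bilibili went down yesterday#
【安全圈】On Thursday (US Eastern Time), Google Cloud suffered a widespread outage that disrupted many major online services, including Spotify, OpenAI, and GitHub.
【安全圈】Residential access-control systems become a cash cow, with personal information sold at openly marked prices!
Prague bistro owner turns out to be a "supplier of bugs" for half of Africa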
PoC Exploit Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
A proof-of-concept exploit has been published for CVE-2025-21420, a newly discovered elevation of privilege vulnerability affecting the Windows Disk Cleanup Tool (cleanmgr.exe). The vulnerability allows attackers to escalate privileges to SYSTEM level by exploiting improper link resolution mechanisms within the SilentCleanup scheduled task, which runs with elevated privileges on Windows systems. Windows Disk Cleanup Vulnerability The vulnerability […]
The post PoC Exploit Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability appeared first on Cyber Security News.
Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage
Discover the capabilities of Microsoft 365 Data Loss Prevention (DLP) and understand its limitations. Learn how to prevent unauthorized data access and sharing.
The post Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage appeared first on Security Boulevard.
Microsoft Defender Spoofing Vulnerability Allows Privilege Escalation and AD Access
A critical spoofing vulnerability in Microsoft Defender for Identity (MDI) allows unauthenticated attackers to escalate privileges and gain unauthorized access to Active Directory environments. The vulnerability, designated as CVE-2025-26685, exploits the Lateral Movement Paths (LMPs) feature in the MDI sensor, enabling attackers to capture authentication credentials and potentially compromise entire organizational networks. Microsoft Defender Spoofing […]
The post Microsoft Defender Spoofing Vulnerability Allows Privilege Escalation and AD Access appeared first on Cyber Security News.